January 26, 2023
We get it. The hiring market is tough out there right now and when your main goal is providing the best experience for your patients, you will do whatever it takes to build a strong team. But before you go sailing the high seas to find your next hire, you might want to make sure they’re paddling in the same direction.
Are you considering outsourcing job roles to agencies that employ individuals in other countries? A company’s location and where its employees are located doesn’t necessarily mean they are or are not HIPAA compliant. As a practice, you are responsible for checking the company’s policies and procedures of any company you hire to ensure that they comply with all relevant regulations. If an organization outsources any function that involves access to PHI, it must have a written contract with the Business Associate.
Here are some questions we recommend asking prior to working with an outsourced company:
- Does the company providing the outsourcing have a Business Associate Agreement or will they sign yours?
- Do the employees receive annual HIPAA training and are they aware of the Sanctions Policy if they disclose or misuse PHI?
- Does each user have their own unique login that is monitored frequently by the practice to ensure there is no misuse? (If the outsourced company only requests one shared login, this is extremely high risk.)
- Do the user credentials only apply to the areas of the EHR or PM that are required for the user to complete their job duties? (i.e. scheduling)
- Does the practice have specific policies and procedures in place when working with outsourced companies? For example:
- Making patients aware that they may be contacted by an outsourced company
- Having procedures in place to monitor calls
- Checking EHR logs
- Ensuring the outsourced company is reporting any potential breaches or violations
Let’s make sure all eyes are on the same prize – HIPAA compliance. Still not sure if you’re asking the right questions? Give us a buzz and we will walk you through the most important processes and policies to follow.